<?php
// The session carries the error code ('theerrcode') and the password-verified
// flag ('verd') used further down. Must run before any markup is sent.
session_start(); ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<title>Parent Informer RCSHS - Account Verification</title>

<link rel=stylesheet href="../../css-layouts/themes/defaulttheme.css" type="text/css">
<link rel=stylesheet href="../../css-layouts/headlinks.css" type="text/css">
<link rel=stylesheet href="../../css-layouts/imglinks.css" type="text/css">

</head>

<body>

<div id="mainhead"><br><br><br></div>

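<?php 

 /*
  * Password re-verification gate.
  *
  * Flow, as implemented below:
  *  1. Read the login cookies: "parentinformerprcshs" (user name) and
  *     "parentinformerurcshs" (compared against logtbl.pwrnd).
  *  2. If the cookie matches the stored value and the session is already
  *     flagged as verified ('verd'), redirect according to the row's priv.
  *  3. Otherwise handle the posted password: its sha256() must equal the
  *     cookie value for the session to be flagged as verified.
  *
  * NOTE(review): header() is called here after the page has already sent
  * markup (doctype, <head>, #mainhead). The redirects only take effect if
  * output buffering is enabled - confirm, or move this block above the markup.
  *
  * NOTE(review): the "parentinformerurcshs" cookie alone passes the stored
  * value check, and the typed password is accepted when its sha256() equals
  * that cookie, so the cookie is password-equivalent. Keeping the login state
  * in the server-side session instead of a client-held hash is the real fix;
  * that is a larger change and is not attempted here.
  */
 require_once("../lib/sha256.php");
 require_once("../../sqlconfig.php");

 // NOTE(review): die(mysql_error()) prints raw database errors to the visitor.
 // Behaviour kept; logging the error and showing a generic message is safer.
 mysql_connect($server, $sqlusr, $sqlpass) or die(mysql_error()); 
 mysql_select_db($mydb) or die(mysql_error());

 //Checks if there is a login cookie
 if(isset($_COOKIE["parentinformerprcshs"]) || isset($_COOKIE["parentinformerurcshs"])) { 

  // Both cookies are client-controlled. Require plain strings (a cookie can
  // arrive as an array) and a non-empty password cookie, so that a missing
  // value can never compare equal to an empty stored one.
  if(!isset($_COOKIE["parentinformerprcshs"]) || !is_string($_COOKIE["parentinformerprcshs"])
     || !isset($_COOKIE["parentinformerurcshs"]) || !is_string($_COOKIE["parentinformerurcshs"])
     || $_COOKIE["parentinformerurcshs"] === '') {
   $_SESSION['theerrcode'] = 2;
   header("Location: ../logerr_atmpt.php");
   exit; // stop here: without this the rest of the page keeps executing
  }
  $username = $_COOKIE["parentinformerprcshs"];
  $pass = $_COOKIE["parentinformerurcshs"];

  // The user name comes from a cookie, so escape it before it is placed in
  // the SQL string (the file uses the mysql_* extension throughout).
  $check = mysql_query("SELECT * FROM logtbl WHERE usernm = '".mysql_real_escape_string($username)."'") or die(mysql_error());
  while($info=mysql_fetch_array($check)) {
   // Strict comparison: with != two numeric-looking strings (e.g. "0e...")
   // are compared as numbers and can match although they differ.
   if ($pass!==$info['pwrnd']) {
    $_SESSION['theerrcode'] = 2;
    header("Location: ../logerr_atmpt.php");
    exit;
   }
   else {

    /*
     * Check if the user has the "verified password" session
     * flag; if so, skip the form and go to the page for this priv level.
     */
    if(isset($_SESSION['verd']) && $_SESSION['verd'] == "true") {
     switch ($info['priv']) {
      case 1:
       // yrlvl is request data: encode it before it goes into the URL.
       if(isset($_GET['yrlvl']) && is_string($_GET['yrlvl'])) {
        header("Location: recddb.php?yrlvl=".urlencode($_GET['yrlvl']));
        exit;
       }
       break;
      case 2:
       header("Location: recddb.php");
       exit;
      case 3:
       header("Location: studgr.php");
       exit;
     }
    }

    // Year level carried over from the hidden form field, if any.
    if(isset($_POST['params']) && is_string($_POST['params'])) {
     $totrans = $_POST['params'];
    }

    if(isset($_POST['acceptbtn']) && isset($_POST['p']) && is_string($_POST['p'])) {
     $_POST['p'] = sha256($_POST['p']);

     // $pass is the already validated "parentinformerurcshs" cookie value.
     if($pass === (string) $_POST['p']) {
      $_SESSION['verd'] = "true";
      if(isset($totrans)) { 
       header("Location: recddb.php?yrlvl=".urlencode($totrans));
      }
      else {
       header("Location: recddb.php");
      }
      exit;
     }
     else {
      $_SESSION['verd'] = "false";
      $noterr = "You have previously typed invalid credentials. Please try again.<br><br>";
     }
    }

?>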

<p class="leftnav">
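&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Logged in as: <?php /* cookie value is client-controlled: escape it for HTML output */ echo htmlspecialchars($_COOKIE["parentinformerprcshs"], ENT_QUOTES); ?>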
</p>

<p class="rightnav">
<a href="../settings">Settings</a> || <a href="../redirout.php">Logout</a>
</p>

<hr style="clear: both;"><br>

<center><span id="heading">PASSWORD VERIFICATION</span></center>

<br>
<div id="cmd" align=center>

<?php
    // Show the failed-attempt notice when the POST handler above has set one.
    // $noterr is a fixed string containing <br> markup, so it is printed as-is.
    if (isset($noterr)) {
        print $noterr;
    }
?>

Please enter your password to gain access. Note that this will only<br>
be done once per log in.
</div>

<br>

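<form action="<?php /* PHP_SELF includes any extra path info from the request URL: escape it for the attribute */ echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method=post>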
<table align=center>
<tr>
<td>PASSWORD:</td>
<td><input type="password" id="p" name="p"></td>
</tr>

<tr>
<td>

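<?php
    // Carry the requested year level through the POST round-trip in a hidden
    // field. Both sources ($_GET['yrlvl'] and $totrans, which is taken from
    // $_POST['params']) are request data, so they are escaped for the attribute.
    if(isset($_GET['yrlvl'])) {
?>

<input type="hidden" id="params" name="params" value="<?php echo htmlspecialchars($_GET['yrlvl'], ENT_QUOTES); ?>" />

<?php
    }
	elseif(isset($totrans)) {
?>

<input type="hidden" id="params" name="params" value="<?php echo htmlspecialchars($totrans, ENT_QUOTES); ?>" />

<?php } ?>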

</td>
<td><input type="submit" value="SUBMIT" id="acceptbtn" name="acceptbtn"></td>
</tr>

</table>
</form>

<div class="footnav" align=center>

<hr>


<a href="../../index.php">Main Page</a> ||
<a href="#">Help</a> ||
<a href="../../externalaffairs/links.php">Links</a> ||
<a href="#">About</a>
<br>

<span id="copyme">
&copy; 2011 Roosevelt College Science High School. All rights reserved.
</span>

</div>
</body>

<?php
   } // end else: cookie value matched the stored pwrnd
  } // end while: rows returned for this user name
 } // end if: at least one login cookie present
 else {
  // No login cookie at all: send the visitor back to the site root.
  // NOTE(review): the page markup above has already been sent by this point,
  // so this redirect only works with output buffering enabled - confirm.
  header("Location: ../../");
 }

?>

</html>